Common Criteria

All nations of the current CCRA have completed their national process and formally acknowledged that they are ready to sign the new CCRA. Please see the corresponding message from the chair of the CCRA Management Committee regarding the status of the ratification of the new CCRA.

The CCRA Management Committee has provided a Vision Statement and Transition Plan for the future direction of the application of the CC and the CCRA.

The Common Criteria for Information Technology Security Evaluation (CC), and the companion Common Methodology for Information Technology Security Evaluation (CEM) are the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA), which ensures that:

  • Products can be evaluated by competent and independent licensed laboratories so as to determine the fulfilment of particular security properties, to a certain extent or assurance;
  • Supporting documents, are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies;
  • The certification of the security properties of an evaluated product can be issued by a number of Certificate Authorizing Schemes, with this certification being based on the result of their evaluation;
  • These certificates are recognized by all the signatories of the CCRA.

The CC is the driving force for the widest available mutual recognition of secure IT products. This web portal is available to support the information on the status of the CCRA, the CC and the certification schemes, licensed laboratories, certified products and related information, news and events.


Certificate Authorizing Members

Certificate Consuming Members

Australia Canada France Germany India Italy Japan Malaysia Netherlands New Zealand Norway Republic of Korea Spain Sweden Turkey United Kingdom United States Austria Czech Republic Denmark Finland Greece Hungary Israel Pakistan Singapore